Security Platforms/Tools

Juniper Warns of 'Unauthorized Code' on Its Firewalls

Juniper is warning of unauthorized code in ScreenOS, the operating system for its NetScreen firewalls, that could allow attackers to gain administrative access and decrypt VPN connections.

"During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections," Bob Worrall, Juniper Networks Inc. (NYSE: JNPR)'s SVP and CIO, said on the Juniper support forums Thursday.

"At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems and apply the patched releases with the highest priority," Worrall said.

The vulnerability affects NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20.

Want to know more about security? Visit Light Reading's security content channel.

Juniper found no evidence SRX or other Junos devices were affected, Worrall said.

Juniper declined to comment on how the code got into ScreenOS.

A 2013 article in Der Spiegel said the NSA was able to break Juniper firewalls, along with "nearly all the security architecture made by the major players in the industry," including Cisco Systems Inc. (Nasdaq: CSCO), Huawei Technologies Co. Ltd. and Dell Technologies (Nasdaq: DELL)

Related posts:

— Mitch Wagner, Circle me on Google+ Follow me on TwitterVisit my LinkedIn profileFollow me on Facebook, West Coast Bureau Chief, Light Reading. Got a tip about SDN or NFV? Send it to [email protected]

Mitch Wagner 12/21/2015 | 10:22:26 AM
Re: Transparency That's the question everyone wants an answer to!
t.bogataj 12/21/2015 | 2:45:21 AM
Re: Devastating This compromises not only Juniper, but all US vendors in many markets (EU, Asia). If this was the case with Juniper, why would it be any different with others (including Cisco/sson)?

And it is hard to believe that Juniper's amazement over the "discovery" is sincere. Especially in the light of obvious political trends to make back doors compulsory (as SDxCentral pointed out).

Ariella 12/19/2015 | 5:59:53 PM
Re: Devastating @inkstainedwretch I agree that it looks very bad. But it may not be fatal. Many companies have hit the headlines over breaches, suffered a bit in the short term only to bounce back to business as usual. 
inkstainedwretch 12/19/2015 | 3:30:49 PM
Devastating I'm sorry, but it is not possible to get ahead of the PR here. This has the potential to be as damaging, and perhaps more damaging, than the appalling hack at the US Office of Personnel Management revealed just a couple months ago. How does anyone slip unauthorized code into a source code? It's been as much as three years in which corporate and government (possibly including the FBI, DoD, and Treasury) VPNs have been "completely compromised" -- Juniper's words, not mine. For a company that is building its reputation on security, this can be crippling, if not fatal. -- Brian Santo
Atlantis-dude 12/19/2015 | 11:07:15 AM
Re: Transparency how did it get in?
Mitch Wagner 12/18/2015 | 8:16:18 PM
Re: Transparency Yes, it pays for a vendor to stay ahead of a situation like this. 
danielcawrey 12/18/2015 | 4:02:14 PM
Transparency I appreciate the transparency Juniper is trying to provide here. 

Unlike software applications that can be more easily patched, Juniper's hardware requires more extensive patching in order to fix this. Being vocal about the issue gives the company a good PR boost at a time when it is needed. 
Sign In